Pro-Napster Hacker Warns Against Arrest

[Nelson Murilo <nelson () PANGEIA COM BR>]

[http://dailynews.yahoo.com/h/ao/20000818/cr/pro-napster_hacker_warns_against_arrest_1.html]

   Friday August 18 04:17 PM EDT
   Pro-Napster Hacker Warns Against Arrest

   NEW YORK (APBnews.com) -- The alleged "hacktivist" who may have
   defaced as many as 60 Web sites in the past week with a pro-Napster
   screed now warns that fellow hackers will unleash widespread
   cyberattacks if federal authorities attempt to collar any suspects.

   The hacker goes by the online handle "Pimpshiz" and has posted an
   e-mail alias on each site that has been defaced. Someone using that
   alias contacted an APBnews.com reporter and claimed responsibility for
   the activity.

   "I'm sure I'll get arrested," Pimpshiz wrote in an e-mail. "Just be
   aware there will be a huge chain-reaction\aftermath when I get
   arrested."

   'Mass destruction' planned

   Minutes later another writer, "Ryan," an alleged acquaintance, said in
   an e-mail message that Pimpshiz should not face criminal penalties.
   Property hasn't been damaged, Ryan wrote, the defacements merely
   showed how vulnerable Microsoft operating systems are.

   "If the FBI arrests Pimpshiz, hundreds of hackers are on standby to
   cause mass destruction," Ryan warned.

   No other details of the possible "after-strike" -- such as likely
   targets or type of attack -- were offered by either writer.

   Conspiracy charges possible

   FBI spokeswoman Debra Weierman in Washington said National
   Infrastructure Protection Center investigators are still looking into
   the rash of Web site intrusions that allegedly carried Pimpshiz's
   signature.

   She said if the warning by Pimpshiz proved true, and further attacks
   were perpetrated as the result of an eventual arrest, then conspiracy
   charges could be lumped on top of possible computer fraud and
   intrusion charges.

   The defacements appear to have started as early as Aug. 8, with the
   hacker allegedly replacing the index pages of a strange assortment of
   Web sites with a rambling message deriding rock band Metallica for
   filing suit against online music-sharing system Napster.

   The message stated that Napster has been wrongly targeted by copyright
   infringement lawsuits that almost shut down the company last month.

   Claims to be 11-year-old girl

   In e-mail messages to APBnews.com, Pimpshiz claimed to be a "baggy
   pants wearing, rap listening" 11-year-old girl -- unusual, if ever
   proven true, since most hackers and crackers engaged in malicious
   online activity are teenaged boys.

   She is not a Napster user, the hacker repeated, but wanted to speak
   out about a perceived injustice.

   "I am doing this to show others how I see this matter," Pimpshiz
   wrote. "I want people to see my perspective."

   Sites picked at random

   The hacker wrote that the bizarre choice of victim sites -- which
   allegedly included a commercial roofing contractor in Palatine, Ill.
   -- were picked randomly. Pimpshiz claimed to have hacked 60 sites.

   Four sites operated by King World Productions were temporarily
   defaced, said company webmaster Nick Roller, including the online
   presence of TV's Roseanne Barr Show, The Martin Short Show, Inside
   Edition and its corporate site.

   Pimpshiz said the King World sites were picked because they are
   "high-profile."

   Attrition.org, a hacker news site, lists other victims as including
   Honda U.K., TDK and 800shoes.com.

   Exploited Windows bugs

   When asked by a reporter how access was gained to secure Web servers
   such as those operated by King World, Pimpshiz replied: "With a
   vulnerability in IIS 4 and 5.0."

   Cybersecurity analyst Elias Levy of SecurityFocus.com said that answer
   doesn't reveal much, but it apparently refers to known bugs in
   Microsoft's Windows NT Web servers.

   "There have been a few IIS vulnerabilities recently, but they mostly
   deal with being able to read the source code to Web scripts," he said.
   "Nothing that would let you take over the Web site all that easily,
   unless you found a problem in the script source code."

   Ray Kaplan, a computer security consultant at Guardent Inc. in St.
   Paul, Minn., said the defacements appear to be nothing new or
   original.

   "It's the same old penetration," he said. "You figure out what
   software people are running, and go find the exploit and take
   advantage of it."

   By James Gordon Meek, an APBnews.com editor.
   Copyright © 2000 Yahoo! and APB Online. All Rights Reserved.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".